Two more mobile worms start alarm bells ringing

Two new worms aimed at mobiles have been discovered, promising a new era of virus threats.

Some security analysts maintain there is no reason for immediate concern however and that large-scale attacks targeting smart phones and handheld computers are unlikely in the short term.

F-Secure issued an advisory in late December warning of an increasing number of attacks against smart phones after it found two new variants of the Cabir worm, which first appeared in June, that target Symbian phones.

"The thing that concerns us the most is that there is a lot of the original source code for Cabir out there," said Travis Witteveen, F-Secure vice president. So far, Cabir and its variants haven't proved to be particularly destructive. But that could change as the source code is freely available.

Wittevee added that new versions of another piece of malicious code called Skulls that also targets Symbian's software have begun appearing, further raising the potential threat to users.

The increase in malware targeting smart phones is something IT security managers need to keep an eye on, said John Pescatore, an analyst at Gartner. "But three things have to come together for there to be a real virus threat in the smart phone world," he said. "A dominant platform has to emerge, the phones have to be able to run external software on them, and there has to be more penetration." Gartner doesn't expect those three things to happen until the end of 2006.

Nonetheless, companies that are using PDAs and smart phones should start treating such devices as corporate assets and figure out formal processes for protecting them before the end of next year, Pescatore advised.

"You'd be bordering on the negligent to completely ignore this issue," said Pete Lindstrom, an analyst at Spire Security. But it's an immediate concern only for companies that are heavily using smart phones, he said, adding that very few are doing so now. "In the real world, you have to prioritise your work, and my guess is that this would be on the low end of that list," Lindstrom said.